The story goes like this. The Commission commenced Article 226 EC proceedings against the United Kingdom because of some legislation in force at the time that restricted the import of foreign beer. The Commission, with a view to finding a satisfactory solution to the case, organized a meeting with British government officials and trade representatives. Ultimately, a solution was reached and the case closed. But then, an importer of German beer wanted to know the names of the individuals who attended the meeting. For what purpose you may well ask. The Commission asked the individuals concerned whether they agreed to have their names revealed. Five of those attendees, no doubt fearing retribution or harassment by the importer, refused to have their identity revealed. The Ombudsman got involved and handed down a scathing report denouncing the Commission for not revealing the identity of those who had refused to have their names disclosed, claiming they had no right to privacy. The Article 29 Working Party then handed down a report in response (but the Court of First Instance pays scant attention to that inconvenient truth). The German importer made a request for the minutes of the meeting with the names of attendees included under Regulation 1049/2001 (the public access to documents regulation). The Commission refused to disclose the names invoking data protection and the terms of Regulation 45/2001. The importer then challenged the Commission's refusal before the Court of First Instance.
The Court of First Instance annulled the Commission's refusal. The judgment must be read to be believed.
The Court held that the list of participants in the minutes contained personal data, since the persons who participated at that meeting could be identified there. Notwithstanding the fact that it was personal data, it was not protected by Regulation 45/2001 because the mere fact that a document contains such data does not necessarily mean that the privacy or integrity of the persons concerned is affected, even though professional activities are not in principle excluded from the concept of "private life".
It also held that the privacy and integrity of a person is not compromised even if personal data relating to that person is revealed. As a consequence, any objection by such a person to disclosure of the personal data cannot prevent disclosure under Regulation 1049/2001.
What was quite extraordinary was the way in which the European Data Protection Supervisor intervened to plead that the very regulation that established his office did not apply, referring to his "paper" on public access to documents and data protection.